Flaw in all versions of Apple’s OS X

Following news that SentinelOne have unearthed a major flaw in all versions of Apple’s OS X operating system, Guillaume Ross, Senior Security Consultant of Strategic Services at Rapid7, has commented:

“This OS X vulnerability could allow an attacker, or enable malware already present on the computer, to obtain higher privileges. It is not a vulnerability that could be exploited remotely, directly.

For systems administrators managing OS X servers used by multiple users through SSH or screen-sharing, or for shared OS X computers such as those found in schools, this vulnerability should be considered very dangerous as legitimate users could attempt to use it to elevate privileges and take control of the system, or other users’ data.

Privilege escalation/elevation bugs like this are often used as a second step – they come after an attack or where malware has taken control of the system to access more information or modify the system further. For this vulnerability to be exploited, something else must be leveraged in the first instance, such as existing malware on the system or another vulnerability that can be exploited remotely, or legitimate access to the computer.”